Security

Obviously, it's worth being careful and concerned about this kind of thing. Those encrypted ransomware attacks have become quite popular lately, and you can imagine why some would think it would be fun to target Congress specifically. Still, blocking all of YahooMail seems... like overkill? Yes, obviously, warn everyone to be careful, and highlight the details and what to watch out for. Perhaps institute some other kinds of protections. But a blanket ban on YahooMail just seems odd.

Among the most disruptive changes in Linux over the last decade has been in the introduction and broad integration of the systemd init system into Linux.

In a keynote session at the CoreOS Fest in Berlin this week, Lennart Poettering, one of the lead developers of systemd, delivered a detailed technical keynote on some of the key parameters in systemd and how they can be used to secure Linux servers.

This movement is fairly new. Concepts like automate testing or continuous testing, in the context of continuous delivery, still do not have 10 years of history. We need to be careful with trends. The topic is so hot these days that the association between automated testing and quality is becoming the norm, also in Open Source.

Some of the world's biggest security and software vendors will be rushing to patch holes in implementations of the popular 7-zip compression tool to stop attackers gaining full control of customer machines.

EFF is proud to introduce Certbot, a powerful tool to help websites encrypt their traffic. Certbot is the next iteration of the Let's Encrypt Client; it obtains TLS/SSL certificates and can automatically configure HTTPS encryption on your server. It's still in beta for now, but we plan to release Certbot 1.0 later this year.

Recently, Mozilla filed a brief with the court, urging the FBI to reveal the technique used to hack 1000+ computers of pedophile TOR users. The open source supporter said that TOR software suite is based on Firefox and any known flaw can compromise the security of the end users.

There continue to be many people around the globe who want to be able to use the web and messaging systems anonymously, despite the fact that some people want to end Internet anonymity altogether. Typically, the anonymous crowd turns to common tools that can keep their tracks private, and one of the most common tools of all is Tor, an open source tool used all around the world.

Project leaders behind Tor have continuously improved its security features, but now Mozilla is asking the U.S. District Court for the Western District of Washington, in the interest of Firefox users, to disclose any findings of vulnerability in Tor to it first, before any other party learns of the vulnerability. Here is the thought behind this.

With the Tor browser being built on the Firefox framework, any exploit of Tor could affect vanilla Firefox users. Not only that, but the FBI is apparently sitting on another Firefox vulnerability it used in a previous investigation to unmask Tor users. (This refers to the FBI's 2012 child porn sting, which also used a NIT to obtain information about visitors to a seized website.) The filing notes the FBI has been less than helpful when approached for info about this Firefox/Tor-exploiting NIT.

And we're back! Google has released the latest Android security update and, as you might expect, there's plenty to be had. This time around, Google patched 40 vulnerabilities. Twelve of these 40 issues were marked as critical, with two of those identified as remote code execution vulnerabilities (aka, the worst kind). Unfortunately, the two remote code execution (RCE) issues are found in Android's mediaserver. This is the same subsystem that has been plagued with issues in the past few months. Those two RCE issues aren't the only ones to haunt the mediaserver.

Allwinner is a Chinese company that makes processors for low-cost devices like tablets, ARM-based PCs, set-top boxes etc. It looks like the company has recently shipped a Linux Kernel version with a very simple built-in root backdoor.

A bored hacker has been playing around with several subreddits for almost a week and there is nothing that Reddit could do. There was no purpose behind the hacking as said by the hacker. He says, just because he got bored, he decided to have some serious fun.

Part of the reason for this may well be because of the nature of the vulnerability, which requires upload permissions. “These are generally restricted to subscribers and administrators,” Cid notes, “which by design negatively impacts the ability to perform a mass exploit across the web. Additionally, there aren’t that many open-source and public Content Management Systems (CMS) that use ImageMagick by default, which drastically reduces the potential attack surface – something required to see mass attacks.”

The Linux kernel is a fast moving project, and it's important for both users and developers to quickly update to new releases to remain up-to-date and secure. That was the keynote message Greg Kroah-Hartman, maintainer of the stable Linux kernel, delivered at CoreOS Fest on May 9 here.

Kroah-Hartman is a luminary in the Linux community and is employed by the Linux Foundation, publishing on average a new Linux stable kernel update every week. In recent years, he has also taken upon himself the task of helping to author the "Who Writes Linux" report that details the latest statistics on kernel development. He noted that, from April 2015 to March 2016, there were 10,800 new lines of code added, 5,300 lines removed and 1,875 lines modified in Linux every day.

At the beginning of the month, we informed you about the general availability of an updated ISO image for the Arch Linux-based BlackArch Linux operating system, which gave users access to over 1,400 penetration testing tools.

BlackArch Linux 2016.04.28 was, as its version number suggests, baked and cooked at the end of April, and it introduced 80 new security-oriented utilities to the ever growing collection of tools that are available in the software repositories of this GNU/Linux operating system.

Jaku Botnet discriminates while targeting its victims in the wild. It is easier to download from the famous sources like images or Torrents — thanks to the unforced human errors — and once installed, it grips that computer and makes that a part of the Botnet network.

There has been a surprising tweet last week: "Props to @FiloSottile for his nifty gvt golang tool. We're using it to get reproducible builds for a Zika & West Nile monitoring project." and to our surprise Kenn confirmed privately that he indeed meant "reproducible builds" as in "bit by bit identical builds". Wow. We're looking forward to learn more details about this; for now we just know that they are doing this for software quality reasons basically.

A Florida man has been charged with felony criminal hacking charges after disclosing vulnerabilities in the voting systems used in Lee County, Florida. Security analyst David Levin was arrested 3 months after reporting un-patched SQL injection vulnerabilities in the county's election systems. Levin was charged with three counts of unauthorized access to a computer, network, or electronic device and released on $15,000 bond. Levin's first and biggest mistake was to post a video of himself on YouTube logging into the Lee County Elections Office network using the credentials of Sharon Harrington, the Lee County Supervisor of Elections.

Today, May 10, 2016, KDE has announced the general availability of the first point release in the latest stable and most advanced KDE Applications 16.04 series of the software suite used for the KDE Plasma 5 desktop environment.

A few moments ago, renowned Linux kernel maintainer Greg Kroah-Hartman had the pleasure of announcing the general availability of the Linux kernel 4.8.13 and Linux kernel 4.4.37 LTS maintenance updates.
While many rolling GNU/Linux distributions have just received the Linux 4.8.12 kernel, it looks like Linux kernel 4.8.13 is now available with more improvements and bug fixes, but it's not a major milestone. According to the appended shortlog and the diff since last week's Linux 4.8.12 kernel release, a total of 46 files were changed, with 214 insertions and 95 deletions.

openSUSE's Douglas DeMaio reports on the latest Open Source and GNU/Linux technologies that landed in the repositories of the openSUSE Tumbleweed rolling operating system.

What Is A VPN Connection? Why To Use VPN?

We all have heard about VPN sometime. Most of us normal users of internet use it. To bypass the region based restrictions of services like Netflix or Youtube ( Yes, youtube has geo- restrictions too). In fact, VPN is actually mostly used for this purpose only. ​

The Libreboot C201 from Minifree is really really really ridiculously open source

Open source laptops – ones not running any commercial software whatsoever – have been the holy grail for free software fans for years. Now, with the introduction of libreboot, a truly open source boot firmware, the dream is close to fruition.
The $730 laptop is a bog standard piece of hardware but it contains only open source software. The OS, Debian, is completely open source and to avoid closed software the company has added an Atheros Wi-Fi dongle with open source drivers rather than use the built-in Wi-Fi chip.